Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Vendor -- Product: apache -- storm
Description: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.
Published: 2021-10-25 | CVSS Score: 7.5 | Source & Patch Info: MISC

Vendor -- Product: apache -- storm
CVE: CVE-2021-38294
Description: A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC, MISC

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38481
Description: The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38459
Description: The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38457
Description: The server permits communication without any authentication procedure, allowing the attacker to initiate a session with the server without providing any form of authentication.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38475
Description: The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.
Published: 2021-10-22 | CVSS Score: 9 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38449
Description: Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memory in any location of the affected product.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: CONFIRM

Vendor -- Product: cct95 -- chichen_tech_cms
CVE: CVE-2020-28960
Description: Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid [description truncated in source]
Published: 2021-10-22 | CVSS Score: 10 | Source & Patch Info: [illegible]
Vendor -- Product: checkpoint -- harmony_browse
CVE: CVE-2021-30359
Description: The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC, MISC

Vendor -- Product: cisco -- adaptive_security_appliance
CVE: CVE-2021-40117
Description: A vulnerability in SSL/TLS message handler for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incoming SSL/TLS packets are not properly processed. An attacker could exploit this vulnerability by sending a crafted SSL/TLS packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO

Vendor -- Product: cisco -- adaptive_security_appliance
CVE: CVE-2021-40118
Description: Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. These vulnerabilities are due to improper input validation when parsing HTTPS requests. An attacker could exploit these vulnerabilities by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO

Vendor -- Product: cisco -- adaptive_security_appliance
CVE: CVE-2021-34783
Description: A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO

Vendor -- Product: cisco -- adaptive_security_appliance
CVE: CVE-2021-34792
Description: A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO

Vendor -- Product: cisco -- firepower_management_center
CVE: CVE-2021-40114
Description: Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO

Vendor -- Product: cisco -- firepower_management_center
CVE: CVE-2021-40116
Description: Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: CISCO
[entry start missing in source] ...interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168607263. References: Upstream kernel.
Source & Patch Info: MISC

Vendor -- Product: cisco -- firepower_management_center_virtual_appliance
CVE: CVE-2021-34781
Description: A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.
Published: 2021-10-27 | CVSS Score: 7.1 | Source & Patch Info: CISCO

Vendor -- Product: cisco -- firepower_management_center_virtual_appliance
Description: Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: [illegible]

Vendor -- Product: cisco -- firepower_management_center_virtual_appliance
Description: Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: [illegible]

Vendor -- Product: [vendor illegible] -- csz_cms
CVE: CVE-2020-21250
Description: CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: eclipse -- openj9
Description: In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: CONFIRM, CONFIRM

Vendor -- Product: flashget -- flashget
CVE: CVE-2020-28967
Description: FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers.
Published: 2021-10-22 | CVSS Score: 9 | Source & Patch Info: MISC

Vendor -- Product: gestionaleopen -- gestionale_open
CVE: CVE-2021-37363
Description: An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.
Published: 2021-10-26 | CVSS Score: 9.3 | Source & Patch Info: MISC, MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0625
Description: In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.
Published: 2021-10-29 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0634
Description: In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
Description: In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-192472262.
Published: 2021-10-22 | CVSS Score: 9.3 | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0941
Description: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154177719. References: Upstream kernel.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0940
Description: In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-171315276. References: N/A.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0935
Description: In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User [description truncated in source]
Published: 2021-10-25 | CVSS Score: 7.2 | Source & Patch Info: [illegible]
Vendor -- Product: google -- android
CVE: CVE-2021-0708
Description: In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-183262161.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0705
Description: In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-185388103.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0703
Description: In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-184569329.
Published: [illegible] | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0663
Description: In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0662
Description: In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0652
Description: In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-185178568.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0661
Description: In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: google -- android
CVE: CVE-2021-0633
Description: In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: gridprosoftware -- request_management
CVE: CVE-2021-40371
Description: Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
Published: 2021-10-25 | CVSS Score: 7.5 | Source & Patch Info: MISC, MISC, MISC

Vendor -- Product: huawei -- neteco_6000_firmware
Description: There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include: iManager NetEco V600R010C00CP2001, V600R010C00CP2002, V600R010C00SPC100, V600R010C00SPC110, V600R010C00SPC120; NetEco 6000 V600R009C00SPC100, V600R009C00SPC110, V600R009C00SPC120, V600R009C00SPC190, V600R009C00SPC20 [version list truncated in source]
Published: 2021-10-27 | CVSS Score: 9 | Source & Patch Info: [illegible]

Vendor -- Product: [vendor illegible] -- caml-light
CVE: CVE-2011-4119
Description: caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.
Published: 2021-10-29 | CVSS Score: [illegible] | Source & Patch Info: MISC, MISC, MISC

Vendor -- Product: krylack -- zip_password_recovery
CVE: CVE-2020-28963
Description: Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: mcafee -- total_protection
CVE: CVE-2021-23877
Description: Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC
Vendor -- Product: online_student_admission_system_project -- online_student_admission_system
Description: Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC, MISC

Vendor -- Product: openclinic_ga_project -- openclinic_ga
Description: OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.
Published: 2021-10-26 | CVSS Score: 9.3 | Source & Patch Info: MISC, MISC

Vendor -- Product: openpowerfoundation -- skiboot
CVE: CVE-2021-36357
Description: An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: parallels -- parallels_desktop
Description: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13544.
Published: 2021-10-25 | CVSS Score: 7.2 | Source & Patch Info: N/A

Vendor -- Product: php -- php
Description: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
Published: 2021-10-25 | CVSS Score: [illegible] | Source & Patch Info: DEBIAN, DEBIAN, MLIST, MLIST, FEDORA, FEDORA

Vendor -- Product: polarssl -- polarssl
CVE: CVE-2011-4574
Description: PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: portable -- playable
CVE: CVE-2020-23037
Description: Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: salesagility -- suitecrm
Description: SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
Published: 2021-10-22 | CVSS Score: 9 | Source & Patch Info: MISC, MISC, MISC

Vendor -- Product: showdoc -- showdoc
Description: ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
Published: 2021-10-22 | CVSS Score: 7.5 | Source & Patch Info: MISC

Vendor -- Product: simple_payroll_system_with_dynam... -- simple_payroll_system_with_dynam... (names truncated in source)
CVE: CVE-2021-42169
Description: The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable to SQL Injection-Bypass Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
Published: 2021-10-22 | CVSS Score: 7.5 | Source & Patch Info: MISC

Vendor -- Product: sixapart -- movable_type
CVE: CVE-2021-20837
Description: Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8.2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC, MISC, MISC

Vendor -- Product: solarwinds -- kiwi_cattools
CVE: CVE-2021-35230
Description: As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: sourcecodester -- complaint_management_system
CVE: CVE-2020-24932
Description: An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
Published: 2021-10-27 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: tonec -- internet_download_manager
CVE: CVE-2020-28964
Description: Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: websvn -- websvn
CVE: CVE-2011-2195
Description: A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
Published: 2021-10-26 | CVSS Score: 9.3 | Source & Patch Info: MISC

Vendor -- Product: yonyou -- ufida_product_lifecycle_management
Description: All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses jboss by default, and you can access the management control background without authorization. An attacker can use this vulnerability to gain server permissions.
Published: 2021-10-22 | CVSS Score: 7.5 | Source & Patch Info: MISC
Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Vendor -- Product: advantech -- webaccess/nms
CVE: CVE-2021-32951
Description: WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
Published: 2021-10-27 | CVSS Score: 5 | Source & Patch Info: MISC

Vendor -- Product: air_sender_project -- air_sender
Description: [description start missing in source] ...file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
Published: 2021-10-22 | CVSS Score: 6.5 | Source & Patch Info: MISC

Vendor -- Product: anaconda -- dask
CVE: CVE-2021-42343
Description: An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: aplixio -- pdf_shapingup
CVE: CVE-2020-28969
Description: Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
Published: 2021-10-22 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: atlassian -- jira
CVE: CVE-2021-41308
Description: Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the 'ReplicationSettings!default.jspa' endpoint. The affected versions are before version 8.6.0, from version 8.7.0 before 8.13.12, and from version 8.14.0 before 8.20.1.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: atlassian -- jira
CVE: CVE-2021-41305
Description: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability in the Average Number of Times in Status Gadget. The affected versions are before version 8.13.12.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: atlassian -- jira
CVE: CVE-2021-41306
Description: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the Average Time in Status Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
Published: 2021-10-26 | CVSS Score: [illegible] | Source & Patch Info: MISC

Vendor -- Product: atlassian -- jira
CVE: CVE-2021-41307
Description: Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR) vulnerability in the Workload Pie Chart Gadget. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.0.
Published: 2021-10-26 | CVSS Score: 5 | Source & Patch Info: MISC

Vendor -- Product: atlassian -- jira
CVE: CVE-2021-41304
Description: Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.1.
Published: [illegible] | CVSS Score: 4.3 | Source & Patch Info: MISC

Vendor -- Product: automatedlogic -- webctrl
Description: The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization.
Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: MISC, MISC

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38479
Description: Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.
Published: [illegible] | CVSS Score: 5 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38467
Description: A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.
Published: 2021-10-22 | CVSS Score: 5.9 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38463
Description: The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.
Published: 2021-10-22 | CVSS Score: 5.5 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38471
Description: There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files.
Published: 2021-10-22 | CVSS Score: 6.4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38461
Description: The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.
Published: 2021-10-22 | CVSS Score: 6.4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38453
Description: Some API functions allow interaction with the registry, which includes reading values as well as data modification.
Published: [illegible] | CVSS Score: 6.4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38477
Description: There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.
Published: 2021-10-22 | CVSS Score: 6.4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38473
Description: The affected product's code base doesn't properly control arguments for specific functions, which could lead to a stack overflow.
Published: 2021-10-22 | CVSS Score: 6.5 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38455
Description: The affected product's OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value.
Published: [illegible] | CVSS Score: 4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38465
Description: The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.
Published: 2021-10-22 | CVSS Score: 4 | Source & Patch Info: CONFIRM

Vendor -- Product: auvesy -- versiondog
CVE: CVE-2021-38469
Description: Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product's binaries, thus hijacking the loaded DLL.
Published: [illegible] | CVSS Score: 4.3 | Source & Patch Info: CONFIRM

Vendor -- Product: bqe -- billquick_web_suite
CVE: CVE-2021-42258
Description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
Published: 2021-10-22 | CVSS Score: 6.8 | Source & Patch Info: MISC
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cisco -- 
adaptive_security_appliance 


A vulnerability in the identity-based firewall (IDFW) rule processing 
feature of Cisco Adaptive Security Appliance (ASA) Software and 
Cisco Firepower Threat Defense (FTD) Software could allow an 
unauthenticated, remote attacker to bypass security protections. 
This vulnerability is due to improper handling of network requests 
by affected devices configured to use object group search. An 
attacker could exploit this vulnerability by sending a specially 
crafted network request to an affected device. A successful exploit 
could allow the attacker to bypass access control list (ACL) rules 
on the device, bypass security protections, and send network 
traffic to unauthorized hosts. 


2021-10-27 


CVE-2021-34787 
CISCO 








cisco -- 
adaptive_security_appliance 


Multiple vulnerabilities in the Application Level Gateway (ALG) for 
the Network Address Translation (NAT) feature of Cisco Adaptive 
Security Appliance (ASA) Software and Firepower Threat Defense 
(FTD) Software could allow an unauthenticated, remote attacker 
to bypass the ALG and open unauthorized connections with a host 
located behind the ALG. For more information about these 
vulnerabilities, see the Details section of this advisory. Note: 
These vulnerabilities have been publicly discussed as NAT 
Slipstreaming. 


2021-10-27 


In 


CVE-2021-34791 
CISCO 








cisco -- 
adaptive_security_appliance 


A vulnerability in the TCP Normalizer of Cisco Adaptive Security 
Appliance (ASA) Software and Firepower Threat Defense (FTD) 
Software operating in transparent mode could allow an 
unauthenticated, remote attacker to poison MAC address tables, 
resulting in a denial of service (DoS) vulnerability. This 
vulnerability is due to incorrect handling of certain TCP segments 
when the affected device is operating in transparent mode. An 
attacker could exploit this vulnerability by sending a crafted TCP 
segment through an affected device. A successful exploit could 
allow the attacker to poison the MAC address tables in adjacent 
devices, resulting in network disruption. 


2021-10-27 


In 


CVE-2021-34793 
CISCO 








cisco -- 
adaptive_security_appliance 


A vulnerability in the Simple Network Management Protocol 
version 3 (SNMPv3) access control functionality of Cisco Adaptive 
Security Appliance (ASA) Software and Cisco Firepower Threat 
Defense (FTD) Software could allow an unauthenticated, remote 
attacker to query SNMP data. This vulnerability is due to 
ineffective access control. An attacker could exploit this 
vulnerability by sending an SNMPv3 query to an affected device 
from a host that is not permitted by the SNMPv3 access control 
list. A successful exploit could allow the attacker to send an SNMP 
query to an affected device and retrieve information from the 
device. The attacker would need valid credentials to perform the 
SNMP query. 


2021-10-27 


ln 


CVE-2021-34794 
CISCO 








cisco -- 
adaptive_security_appliance 


A vulnerability in the Internet Key Exchange Version 2 (IKEv2) 
implementation of Cisco Adaptive Security Appliance (ASA) 
Software and Cisco Firepower Threat Defense (FTD) Software 
could allow an authenticated, remote attacker to trigger a denial of 
service (DoS) condition on an affected device. This vulnerability is 
due to improper control of a resource. An attacker with the ability 
to spoof a trusted IKEv2 site-to-site VPN peer and in possession 
of valid IKEv2 credentials for that peer could exploit this 
vulnerability by sending malformed, authenticated IKEv2 
messages to an affected device. A successful exploit could allow 
the attacker to trigger a reload of the device. 


2021-10-27 


CVE-2021-40125 
CISCO 








cisco -- 
firepower_management_center 


Multiple vulnerabilities in the payload inspection for Ethernet 
Industrial Protocol (ENIP) traffic for Cisco Firepower Threat 
Defense (FTD) Software could allow an unauthenticated, remote 
attacker to bypass configured rules for ENIP traffic. These 
vulnerabilities are due to incomplete processing during deep 
packet inspection for ENIP packets. An attacker could exploit 
these vulnerabilities by sending a crafted ENIP packet to the 
targeted interface. A successful exploit could allow the attacker to 
bypass configured access control and intrusion policies that 
should be activated for the ENIP packet. 


2021-10-27 


ln 


CVE-2021-34754 
CISCO 








cisco -- 
firepower_management_center_virtu 








A vulnerability in Cisco Firepower Threat Defense (FTD) Software 
could allow an authenticated, local attacker to overwrite or append 
arbitrary data to system files using root-level privileges. The 
attacker must have administrative credentials on the device. This 
vulnerability is due to incomplete validation of user input for a 
isbeqipidhicecommand. An attacker could exploit this vulnerability 
by authenticating to the device with administrative privileges and 
issuing a CLI command with crafted user parameters. A 
successful exploit could allow the attacker to overwrite or append 
arbitrary data to system files using root-level privileges. 











2021-10-27 








CVE-2021-34761 
CISCO 
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supplied data prior to copying it to a fixed-length stack-based 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of root. Was ZDI-CAN-13270. 

















cisco -- firepower_management_center
  Description: Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
  Published: 2021-10-27
  CVSS Score: 5.8
  Source & Patch Info: (illegible)

cisco -- firepower_management_center_virtual
  Description: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device.
  Published: 2021-10-27
  CVSS Score: 5.5
  Source & Patch Info: CVE-2021-34762, CISCO

cloudfoundry -- capi-release
  Description: Cloud Controller versions prior to 1.118.0 are vulnerable to an unauthenticated denial of service (DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on multiple V3 endpoints by generating an enormous SQL query.
  Published: 2021-10-27
  CVSS Score: 5
  Source & Patch Info: CVE-2021-22101, MISC

codesys -- codesys
  Description: In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition.
  Published: 2021-10-26
  CVSS Score: 5
  Source & Patch Info: (CVE ID illegible), MISC

codesys -- codesys
  Description: In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation.
  Published: 2021-10-26
  CVSS Score: 5
  Source & Patch Info: CVE-2021-34585, CONFIRM, MISC

codesys -- codesys
  Description: Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
  Published: 2021-10-26
  CVSS Score: 5
  Source & Patch Info: CVE-2021-34583, CONFIRM, MISC

codesys -- codesys
  Description: Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of-service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
  Published: 2021-10-26
  CVSS Score: 6.4
  Source & Patch Info: CVE-2021-34584, CONFIRM, MISC

codesys -- plcwinnt
  Description: A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite.
  Published: 2021-10-26
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-34595, CONFIRM

codesys -- plcwinnt
  Description: In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.
  Published: 2021-10-26
  CVSS Score: 5
  Source & Patch Info: CVE-2021-34593, CONFIRM, FULLDISC

codesys -- plcwinnt
  Description: A crafted request may cause a read access to an uninitialized pointer in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition.
  Published: 2021-10-26
  CVSS Score: 4
  Source & Patch Info: CVE-2021-34596, CONFIRM

csdn -- csdn_app
  Description: Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.
  Published: 2021-10-22
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-41747, MISC, MISC

(vendor illegible) -- customer_relationship_management_system
  Description: A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file.
  Published: 2021-10-27
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-37221, MISC

d-link -- dap-2020_firmware
  Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:page parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13271.
  Published: 2021-10-25
  CVSS Score: 6.8
  Source & Patch Info: CVE-2021-34863, N/A, N/A

d-link -- dap-2020_firmware
  Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the var:menu parameter provided to the webproc endpoint. The issue results from the lack of proper validation of the length of user- [text truncated in source]
  Published: 2021-10-25
  CVSS Score: 5.8
  Source & Patch Info: CVE-2021-34862, N/A, N/A

d-link -- dap-2020_firmware
  Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the webproc endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12104.
  Published: 2021-10-25
  CVSS Score: 5.8
  Source & Patch Info: CVE-2021-34861, N/A, N/A

dedecms -- dedecms
  Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet` parameters.
  Published: (illegible)
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-36497, MISC

dedecms -- dedecms
  Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters.
  Published: 2021-10-22
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-23046, MISC

dedecms -- dedecms
  Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.
  Published: 2021-10-24
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-36494, MISC

dedecms -- dedecms
  Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet` parameters.
  Published: (illegible)
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-36495, MISC

dedecms -- dedecms
  Description: DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet` parameters.
  Published: (illegible)
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-36496, MISC

dropouts -- air_share
  Description: Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
  Published: 2021-10-22
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-23041, MISC

dropouts -- super_backup
  Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request.
  Published: 2021-10-22
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-23042, MISC

dropouts -- super_backup
  Description: Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command.
  Published: 2021-10-22
  CVSS Score: 5
  Source & Patch Info: CVE-2020-23061, MISC

elabftw -- elabftw
  Description: eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in the HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.
  Published: 2021-10-22
  CVSS Score: 4
  Source & Patch Info: (CVE ID illegible), MISC, MISC, MISC, MISC

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
  Published: 2021-10-22
  CVSS Score: 4
  Source & Patch Info: (illegible)

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
  Published: 2021-10-22
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-42542, CONFIRM

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
  Published: 2021-10-22
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-42540, CONFIRM

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk.
  Published: 2021-10-22
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-38465 (as printed), CONFIRM

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to a parameter injection via [illegible] which enables the attacker to supply uncontrolled [text truncated in source]
  Published: 2021-10-22
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-42538, CONFIRM

emerson -- wireless_1410_gateway_firmware
  Description: The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
  Published: 2021-10-22
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-42539, CONFIRM
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fa3235
10/34
11/1/21, 2:32 PM

Vulnerability Summary for the Week of October 25, 2021
facebook -- hhvm
  Description: HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
  Published: 2021-10-26
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2019-3556, CONFIRM, CONFIRM, CONFIRM

firefly-iii -- firefly_iii
  Description: firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
  Published: 2021-10-27
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-3900, MISC, CONFIRM

freeswitch -- freeswitch
  Description: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse of this security issue allows attackers to subscribe to user agent event notifications without the need to authenticate. This abuse poses privacy concerns and might lead to social engineering or similar attacks. For example, attackers may be able to monitor the status of target SIP extensions. Although this issue was fixed in version v1.10.6, installations upgraded to the fixed version of FreeSWITCH from an older version may still be vulnerable if the configuration is not updated accordingly. Software upgrades do not update the configuration by default. SIP SUBSCRIBE messages should be authenticated by default so that FreeSWITCH administrators do not need to explicitly set the `auth-subscriptions` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.
  Published: 2021-10-26
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-41157, CONFIRM, MISC, MISC, FULLDISC

freeswitch -- freeswitch
  Description: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. Abuse of this vulnerability allows attackers to potentially recover gateway passwords by performing a fast offline password cracking attack on the challenge response. The attacker does not require special network privileges, such as the ability to sniff the FreeSWITCH's network traffic, to exploit this issue. Instead, what is required for this attack to work is the ability to cause the victim server to send SIP request messages to the malicious party. Additionally, to exploit this issue, the attacker needs to specify the correct realm which might in some cases be considered secret. However, because many gateways are actually public, this information can easily be retrieved. The vulnerability appears to be due to the code which handles challenges in `sofia_reg.c`, `sofia_reg_handle_sip_r_challenge()`, which does not check if the challenge is originating from the actual gateway. The lack of these checks allows arbitrary UACs (and gateways) to challenge any request sent by FreeSWITCH with the realm of the gateway being targeted. This issue is patched in version 10.10.7. Maintainers recommend that one should create an association between a SIP session for each gateway and its realm to make a check be put into place for this association when responding to challenges.
  Published: 2021-10-26
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-41158, CONFIRM, MISC, FULLDISC

freeswitch -- freeswitch
  Description: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.
  Published: 2021-10-25
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-41145, CONFIRM, MISC, FULLDISC
freeswitch -- freeswitch
  Description: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller's or the callee's network. This issue is patched in version 1.10.7.
  Published: 2021-10-25
  CVSS Score: 5
  Source & Patch Info: (CVE ID illegible), MISC, FULLDISC

froala -- wysiwyg-editor
  Description: A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
  Published: 2021-10-26
  CVSS Score: 4.3
  Source & Patch Info: CVE-2020-22864, MISC, MISC

game-server-status_project -- game-server-status
  Description: The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in a SQL statement, leading to an Authenticated SQL Injection in an admin page.
  Published: 2021-10-25
  CVSS Score: 6.5
  Source & Patch Info: CVE-2021-24662, MISC

gjson_project -- gjson
  Description: GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
  Published: 2021-10-22
  CVSS Score: 5
  Source & Patch Info: CVE-2021-42836, MISC, MISC, MISC, MISC, MISC

google -- android
  Description: In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-153358911.
  Published: 2021-10-22
  CVSS Score: 4.4
  Source & Patch Info: CVE-2021-0483, (illegible), MISC

google -- android
  Description: In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-173789633. References: Upstream kernel.
  Published: (illegible)
  CVSS Score: 4.8
  Source & Patch Info: CVE-2021-0936, MISC

google -- android
  Description: In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-67013844.
  Published: 2021-10-24
  CVSS Score: (illegible)
  Source & Patch Info: CVE-2021-0651, MISC

google -- android
  Description: In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-193444889.
  Published: (illegible)
  CVSS Score: 4.9
  Source & Patch Info: CVE-2021-0706, MISC

google -- android
  Description: In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.
  Published: 2021-10-25
  CVSS Score: 5
  Source & Patch Info: CVE-2021-0630, MISC

google -- android
  Description: In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.
  Published: 2021-10-25
  CVSS Score: 5
  Source & Patch Info: CVE-2021-0631, MISC

helpu -- helpuviewer
  Description: An improper input validation vulnerability in the Helpu solution could allow a local attacker to create and execute an arbitrary file without clicking the file transfer menu. It is possible to place a file in an arbitrary directory for the user because the viewer program receives the file from the agent with administrator privilege.
  Published: 2021-10-27
  CVSS Score: 4.6
  Source & Patch Info: CVE-2020-7867, MISC

huawei -- emui
  Description: There is a configuration defect in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
  Published: 2021-10-28
  CVSS Score: 5
  Source & Patch Info: (illegible)

huawei -- emui
  Description: There is a Directory traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
  Published: 2021-10-28
  CVSS Score: 5
  Source & Patch Info: (illegible)

huawei -- emui
  Description: There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability can affect service integrity.
  Published: 2021-10-28
  CVSS Score: 5
  Source & Patch Info: (illegible)

huawei -- emui
  Description: There is a DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS attacks.
  Published: (illegible)
  CVSS Score: 4
  Source & Patch Info: CVE-2021-22402, MISC

huawei -- fusioncube_firmware
  Description: There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability is due to the software using external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename.
  Published: 2021-10-27
  CVSS Score: 5
  Source & Patch Info: CVE-2021-37130, MISC

huawei -- ips_module_firmware
  Description: There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. Affected product versions include: IPS Module V500R005C00, V500R005C20; NGFW Module V500R005C00; NIP6600 V500R005C00, V500R005C20; S12700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600, [further versions illegible]; [product name and versions illegible]; S2700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S5700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC500, V200R011C10SPC600, [further versions illegible]; [product name illegible] V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; S7700 V200R010C00SPC600, V200R010C00SPC700, V200R011C10SPC600, [further versions illegible]; S9700 V200R010C00SPC600, V200R011C10SPC500, V200R011C10SPC600; USG9500 V500R005C00, V500R005C20.
  Published: (illegible)
  CVSS Score: (illegible)
  Source & Patch Info: (illegible)

huawei -- manageone
  Description: There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
  Published: 2021-10-27
  CVSS Score: 6
  Source & Patch Info: CVE-2021-37131, MISC

ibm -- business_automation_workflow
  Description: IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.
  Published: 2021-10-22
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-29835, CONFIRM, XF

ibm -- engineering_lifecycle_optimization
  Description: IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
  Published: 2021-10-27
  CVSS Score: 6
  Source & Patch Info: CVE-2021-29774, XF, CONFIRM

ibm -- planning_analytics
  Description: IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.
  Published: 2021-10-27
  CVSS Score: 5
  Source & Patch Info: (CVE ID illegible), XF, (illegible)

ingeteam -- ingepac_da_au_firmware
  Description: Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this vulnerability in order to obtain different configuration files.
  Published: 2021-10-25
  CVSS Score: 5
  Source & Patch Info: CVE-2017-20007, CONFIRM

jquery -- jquery_ui
  Description: jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
  Published: 2021-10-26
  CVSS Score: 4.3
  Source & Patch Info: (CVE ID illegible), MISC, MISC, (illegible)

jquery -- jquery_ui
  Description: jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the [text truncated in source]
  Published: 2021-10-26
  CVSS Score: 4.3
  Source & Patch Info: CVE-2021-41183, MISC, MISC, CONFIRM, MISC
jquery -- jquery_ui
  jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
  Published: 2021-10-26 | CVSS Score: 4.3 | Source & Patch Info: CONFIRM, MISC

jQuery Reply to Comment (WordPress plugin)
  The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.
  Published: 2021-10-25 | CVSS Score: 4.3

kumilabs -- swift_file_transfer
  Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables.
  CVSS Score: 5 | Source & Patch Info: CVE-2020-23038, MISC

macs_cms_project -- macs_cms
  Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-23047, MISC

macs_cms_project -- macs_cms
  Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules.
  Published: 2021-10-22 | CVSS Score: 6.5 | Source & Patch Info: CVE-2020-23045, MISC

Portable Ltd Playable
  Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
  Published: 2021-10-23 | CVSS Score: 4.6 | Source & Patch Info: CVE-2020-36485, MISC

mangboard -- mang_board
  A vulnerability was found in Mangboard (WordPress plugin). A SQL-Injection vulnerability was found in the order_type parameter. The order_type parameter makes a SQL query using unfiltered data. This vulnerability allows a remote attacker to steal user information.
  Published: 2021-10-26 | CVSS Score: 5 | Source & Patch Info: CVE-2021-26609, MISC

mcafee -- epolicy_orchestrator
  Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
  CVSS Score: 4.3 | Source & Patch Info: CVE-2021-31835, CONFIRM

medianavi -- smacom
  MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the 'password' authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to read the authentication credentials and follow-up requests containing the user password via a man in the middle attack.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-23036, MISC

mycodo_project -- mycodo
  Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit.
  Published: 2021-10-26 | CVSS Score: 4 | Source & Patch Info: CVE-2021-41185, CONFIRM, MISC, MISC, MISC

nameko -- nameko
  Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file.
  Published: 2021-10-26 | CVSS Score: 6.8 | Source & Patch Info: CVE-2021-41078, MISC, MISC

nextcloud -- deck
  Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows other authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3. There are no known workarounds aside from upgrading.
  Published: 2021-10-25 | CVSS Score: 5.5 | Source & Patch Info: CVE-2021-39225, CONFIRM, MISC, MISC

nextcloud -- nextcloud_server
  Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (such as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.
  Published: 2021-10-25 | CVSS Score: 5.5 | Source & Patch Info: MISC, MISC
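The Nextcloud Server entry above describes a throttle that silently does nothing when its storage backend is absent: every two-factor code guess looks like the first one, so the limit never trips. The Python below is an added illustration of that failure mode, not Nextcloud code; the backend classes, the `Throttle` class, the client identity and the limits are constructed for this example. `build_throttle` shows the fail-closed alternative (refuse to start without a backend) rather than the fix the entry describes (the fixed versions implement a database backend).

```python
import time
from collections import defaultdict


class MemoryCacheBackend:
    """Stand-in for a configured memory cache: hit timestamps persist between
    requests of the same process, so a per-client counter can accumulate."""

    def __init__(self):
        self._hits = defaultdict(list)

    def record_hit(self, key, now, window):
        """Store this hit and return how many hits `key` has within `window` seconds."""
        recent = [t for t in self._hits[key] if now - t < window]
        recent.append(now)
        self._hits[key] = recent
        return len(recent)


class NoStorageBackend:
    """Models the unpatched situation: with no cache configured nothing is stored,
    so every request looks like the client's first one and the throttle never trips."""

    def record_hit(self, key, now, window):
        return 1


class Throttle:
    """Allow at most `limit` hits per identity per `window` seconds."""

    def __init__(self, backend, limit, window):
        self.backend = backend
        self.limit = limit
        self.window = window

    def allowed(self, identity, now=None):
        now = time.monotonic() if now is None else now
        return self.backend.record_hit(identity, now, self.window) <= self.limit


def build_throttle(configured_backend, limit, window):
    """Fail closed: a missing backend is a deployment error, not a reason to
    silently skip rate limiting."""
    if configured_backend is None:
        raise RuntimeError("rate limiting needs a configured cache backend")
    return Throttle(configured_backend, limit, window)


def simulate_code_guessing(throttle, attempts, identity="203.0.113.7"):
    """Submit `attempts` two-factor codes from one (constructed) client address,
    one second apart, and return how many of them the throttle lets through."""
    return sum(1 for i in range(attempts) if throttle.allowed(identity, now=float(i)))


if __name__ == "__main__":
    unpatched = Throttle(NoStorageBackend(), limit=10, window=3600)
    patched = Throttle(MemoryCacheBackend(), limit=10, window=3600)
    print("no backend :", simulate_code_guessing(unpatched, 1000), "of 1000 guesses accepted")
    print("with cache :", simulate_code_guessing(patched, 1000), "of 1000 guesses accepted")
```

Run against a deployment the same way: if a burst of bad two-factor codes from one address is never refused, the throttle is not being enforced, whatever the configuration says.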
nextcloud -- officeonline
  Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings.
  Published: 2021-10-25 | CVSS Score: 5 | Source & Patch Info: CVE-2021-39224, CONFIRM, MISC

nextcloud -- richdocuments
  Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings.
  Published: 2021-10-25 | CVSS Score: 5 | Source & Patch Info: CONFIRM, MISC

nextcloud -- server
  Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack: an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.
  CVSS Score: 4 | Source & Patch Info: CVE-2021-41178, MISC, MISC, CONFIRM

nextcloud -- server
  Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.
  Published: 2021-10-25 | CVSS Score: 4 | Source & Patch Info: CVE-2021-41179, MISC, MISC, CONFIRM

nxp -- mcuxpresso_software_development
  NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
  Published: 2021-10-25 | CVSS Score: 4.6 | Source & Patch Info: CVE-2021-38258, MISC

nxp -- mcuxpresso_software_development
  NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().

onepeloton -- peloton
  Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-40527, CONFIRM

onepeloton -- ttr01_firmware
  Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the PENNOR server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peloton Bike.
  Published: 2021-10-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-40526, CONFIRM

online_student_admission_system
  Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
  Published: 2021-10-26 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-37372, MISC, MISC, MISC

parallels -- parallels_desktop
  This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13581.
  Published: 2021-10-25 | CVSS Score: 4.6 | Source & Patch Info: N/A, N/A
parallels -- parallels_desktop
  This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13601.
  Published: 2021-10-25 | CVSS Score: 4.6 | Source & Patch Info: N/A, N/A

parallels -- parallels_desktop
  This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13543.
  Published: 2021-10-25 | CVSS Score: 4.6 | Source & Patch Info: CVE-2021-34864, N/A

permalink_manager_lite_project -- permalink_manager_lite
  The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection.
  Published: 2021-10-25 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-24769, MISC

pterodactyl -- panel
  Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.
  CVSS Score: 4.3 | Source & Patch Info: CVE-2021-41176, MISC, CONFIRM, MISC

rasa -- rasa_x
  Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: MISC, CONFIRM

sanskruti -- st-daily-tip
  The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow an attacker to make logged in administrators set a malicious payload in it, leading to a Stored Cross-Site Scripting issue.
  CVSS Score: 6.8 | Source & Patch Info: CVE-2021-24487, MISC

seeddms --seeddms
  SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-23048, MISC

sky_file_project -- sky_file
  Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands.
  Published: 2021-10-22 | CVSS Score: 5 | Source & Patch Info: CVE-2020-23040, MISC

sky_file_project -- sky_file
  An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null/` path commands.
  Published: 2021-10-22 | CVSS Score: 4 | Source & Patch Info: CVE-2020-36488, MISC

Penguin Aurora TV Box firmware
  Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to remotely control the TV.
  Published: 2021-10-26 | CVSS Score: 6.4

solarwinds -- kiwi_syslog_server
  The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
  Published: 2021-10-27 | CVSS Score: 5 | Source & Patch Info: CVE-2021-35233, MISC, MISC

solarwinds -- kiwi_syslog_server
  As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path: "Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Kiwi Syslog Server\Parameters\Application".
  Published: 2021-10-25 | CVSS Score: 4.6 | Source & Patch Info: CVE-2021-35231, MISC
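The unquoted service path entry above hinges on how Windows resolves a command line that contains spaces but no quotes: CreateProcess tries each space-delimited prefix as the executable name (appending .exe when the prefix has no extension) until one exists, so a local user who can write to any directory along that chain gets code run with the service's privileges. The Python below is an added example that enumerates those hijack candidates and produces the quoted form; it is not SolarWinds code, and the service name and install path in `SAMPLE_UNQUOTED` are constructed rather than Kiwi Syslog Server's real values. Feed it command strings read from service ImagePath values or, as the advisory's example path shows, from a `Parameters\Application` value.

```python
import ntpath

# Constructed sample values (not Kiwi Syslog Server's real install path or service name).
SAMPLE_UNQUOTED = r"C:\Program Files\Example Syslog Server\Example Syslog Server.exe -service"
SAMPLE_QUOTED = r'"C:\Program Files\Example Syslog Server\Example Syslog Server.exe" -service'


def _split_command(command):
    """Split a service command line into (executable tokens, argument tokens).
    The executable is taken to end at the first space-separated token that
    carries an .exe extension; if none does, the whole line is the executable."""
    tokens = command.strip().split(" ")
    exe_end = next(
        (i for i, token in enumerate(tokens) if token.lower().endswith(".exe")),
        len(tokens) - 1,
    )
    return tokens[: exe_end + 1], tokens[exe_end + 1 :]


def hijack_candidates(command):
    """Files Windows would try to run before the intended binary when the path
    is unquoted. Every space is a possible end of the executable name, and
    .exe is appended when the candidate has no extension. A quoted path leaves
    no ambiguity and yields no candidates."""
    if command.strip().startswith('"'):
        return []
    exe_tokens, _ = _split_command(command)
    candidates = []
    for i in range(1, len(exe_tokens)):
        prefix = " ".join(exe_tokens[:i])
        if not ntpath.splitext(prefix)[1]:
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def quote_command(command):
    """The fix an installer should apply: quote the executable, keep the arguments."""
    if command.strip().startswith('"'):
        return command.strip()
    exe_tokens, arg_tokens = _split_command(command)
    return " ".join(['"' + " ".join(exe_tokens) + '"'] + arg_tokens)


def audit(services):
    """Map service name -> hijack candidates for every entry whose command is
    unquoted and contains a space; quoted or space-free commands are not reported."""
    findings = {}
    for name, command in services.items():
        candidates = hijack_candidates(command)
        if candidates:
            findings[name] = candidates
    return findings


if __name__ == "__main__":
    for name, paths in audit({"ExampleSyslog": SAMPLE_UNQUOTED}).items():
        print(name)
        for path in paths:
            print("  would run first if present:", path)
        print("  fixed:", quote_command(SAMPLE_UNQUOTED))
```

The candidate list is only the first half of a finding: each entry still has to be checked for whether its parent directory is writable by an unprivileged user, which is what turns an unquoted path into an actual escalation.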
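Two entries above share one root cause: Mycodo let a caller download files outside the intended directory, and Rasa X wrote archive members outside the extraction directory when a model archive carried crafted member names. The same containment check closes both, and the Python below is an added example of it, not code from either project. `safe_join` resolves an untrusted name beneath a base directory and rejects anything that escapes; `vet_archive` runs every tar member (including symlink and hardlink targets) through it before extraction would happen. The archives and directory names are constructed for the example.

```python
import io
import os
import tarfile


def safe_join(base_dir, untrusted_path):
    """Resolve untrusted_path beneath base_dir and refuse anything that escapes.

    A download handler resolves the requested name with this before opening a
    file; an archive loader runs every member name through it before extracting."""
    base = os.path.realpath(base_dir)
    if os.path.isabs(untrusted_path):
        raise ValueError(f"absolute path rejected: {untrusted_path!r}")
    target = os.path.realpath(os.path.join(base, untrusted_path))
    # commonpath rather than startswith: "/srv/models2" must not pass as inside "/srv/models".
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base!r}: {untrusted_path!r}")
    return target


def vet_archive(data, dest_dir):
    """Return the member names of a tar archive that are safe to extract into
    dest_dir. Raises ValueError at the first member that would write outside
    dest_dir, so a crafted archive is rejected whole instead of half-extracted."""
    names = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            safe_join(dest_dir, member.name)  # catches ../ and absolute names
            if member.issym():
                # a symlink target is relative to the link's own directory
                safe_join(dest_dir, os.path.join(os.path.dirname(member.name), member.linkname))
            elif member.islnk():
                safe_join(dest_dir, member.linkname)  # hardlink targets are archive-relative
            elif not (member.isfile() or member.isdir()):
                raise ValueError(f"unexpected member type rejected: {member.name!r}")
            names.append(member.name)
    return names


def build_tar(entries):
    """Constructed test archives: entries map a member name to file bytes, or to
    ("symlink", target) for a symbolic link."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in entries.items():
            info = tarfile.TarInfo(name)
            if isinstance(content, tuple):
                info.type = tarfile.SYMTYPE
                info.linkname = content[1]
                tar.addfile(info)
            else:
                info.size = len(content)
                tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed archives: a benign model upload, a ../ traversal, and a symlink that
# points outside the extraction directory so a later member writes through it.
BENIGN_ARCHIVE = build_tar({"model/metadata.json": b"{}", "model/weights.bin": b"\x00" * 16})
TRAVERSAL_ARCHIVE = build_tar({"model/metadata.json": b"{}", "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA"})
SYMLINK_ARCHIVE = build_tar({"model/out": ("symlink", "../../../etc"), "model/out/cron.d": b"* * * * *"})


if __name__ == "__main__":
    dest = "/srv/models/incoming"
    print("benign:", vet_archive(BENIGN_ARCHIVE, dest))
    for label, archive in (("traversal", TRAVERSAL_ARCHIVE), ("symlink", SYMLINK_ARCHIVE)):
        try:
            vet_archive(archive, dest)
        except ValueError as err:
            print(f"{label}: rejected ({err})")
```

Python 3.12 and later offer `tarfile.extractall(..., filter="data")`, which performs an equivalent check during extraction; the explicit pre-check above is the portable form and also works for the download case, where there is no archive at all.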
solarwinds -- kiwi_syslog_server
  The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent.
  Published: 2021-10-27 | CVSS Score: 5 | Source & Patch Info: CVE-2021-35235, MISC, MISC

solarwinds -- kiwi_syslog_server
  The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7.2 and previous versions. The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, there is a potential for the cookie to be sent in clear text.
  Published: 2021-10-27 | CVSS Score: 5 | Source & Patch Info: CVE-2021-35236, MISC, MISC

sourcecodester -- news247_cms
  Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles.
  Published: 2021-10-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-41728, MISC

strategy11 -- formidable_form_builder
  The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>, <video>, <img>, <a> and <button>. This could allow an unauthenticated, remote attacker to exploit a HTML-injection by injecting a malicious link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation in combination with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the user's account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.
  Published: 2021-10-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2021-24884, MISC, MISC, MISC

swiftfiletransfer -- swift_file_transfer
  Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-36502, MISC

swiftfiletransfer -- swift_file_transfer
  Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-36486, MISC

TAO Assessment Platform
  TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.
  Published: 2021-10-22 | Source & Patch Info: MISC

teamviewer -- teamviewer
  This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TVS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13697.
  Published: 2021-10-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2021-34859, N/A, N/A

tonec -- internet_download_manager
  Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.
  Published: 2021-10-22 | CVSS Score: 6.6 | Source & Patch Info: CVE-2020-23060, MISC

trane -- tracer_concierge
  The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
  Published: 2021-10-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-38450, CONFIRM

trane -- tracer_sc_firmware
  The affected product's web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-42534, CONFIRM

NSK User Agent String Switcher Service
  A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.
  Published: 2021-10-22 | CVSS Score: 4.3

user_registration_&_login_and_user_management -- user_registration_&_login_and_user_management
  Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration and login system input fields.
  Published: 2021-10-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-23051, MISC
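Two WordPress entries in this bulletin, Permalink Manager Lite above and Check & Log Email further down, have the same shape: an `orderby` (and, for the latter, `order`) request parameter dropped straight into an ORDER BY clause. Bind parameters cannot stand in for column names or ASC/DESC, so this is exactly the place where developers fall back to string building and forget to validate. The Python below is an added example, not code from either plugin: it reproduces the vulnerable pattern against a constructed SQLite schema, shows how an attacker reads a secret from another table using nothing but the row order, and gives the allow-list mapping that fixes it. Table, column and secret values are all constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data (not from either plugin): a log table to sort and
    a users table holding a secret the attacker wants to read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE logs(id INTEGER PRIMARY KEY, subject TEXT, sent_at TEXT);
        INSERT INTO logs VALUES (1, 'Password reset', '2021-10-20'),
                                (2, 'Welcome', '2021-10-21'),
                                (3, 'Invoice', '2021-10-22');
        CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, api_key TEXT);
        INSERT INTO users VALUES (1, 'admin', 'k9x');
        """
    )
    return conn


def list_logs_vulnerable(conn, orderby, order):
    """The pattern both advisories describe: request parameters pasted into
    ORDER BY with no validation of the column name or direction."""
    rows = conn.execute(f"SELECT id FROM logs ORDER BY {orderby} {order}")
    return [row[0] for row in rows]


def leak_char(conn, position):
    """Attacker side: sort by a CASE expression whose branch depends on one
    character of the secret. The page never prints the secret; the row order
    alone answers each guess (an order-based boolean oracle)."""
    for guess in "abcdefghijklmnopqrstuvwxyz0123456789":
        payload = (
            f"(CASE WHEN (SELECT substr(api_key, {position}, 1) FROM users WHERE id = 1) = '{guess}' "
            f"THEN id ELSE -id END)"
        )
        if list_logs_vulnerable(conn, payload, "ASC") == [1, 2, 3]:
            return guess
    return None


def leak_secret(conn, length):
    return "".join(leak_char(conn, i) or "?" for i in range(1, length + 1))


# Hardened version: map the request values onto a fixed set of column names and
# directions; anything else is refused before it reaches the SQL text.
ALLOWED_ORDERBY = {"id": "id", "subject": "subject", "date": "sent_at"}
ALLOWED_ORDER = {"asc": "ASC", "desc": "DESC"}


def sort_request_accepted(orderby, order):
    """True if the hardened handler would accept these request parameters."""
    return orderby in ALLOWED_ORDERBY and order.lower() in ALLOWED_ORDER


def list_logs_safe(conn, orderby, order):
    if not sort_request_accepted(orderby, order):
        raise ValueError(f"unsupported sort parameters: orderby={orderby!r} order={order!r}")
    column = ALLOWED_ORDERBY[orderby]
    direction = ALLOWED_ORDER[order.lower()]
    rows = conn.execute(f"SELECT id FROM logs ORDER BY {column} {direction}")
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    print("secret recovered via ORDER BY oracle:", leak_secret(conn, 3))
    print("safe handler, date desc:", list_logs_safe(conn, "date", "desc"))
    print("safe handler accepts oracle payload:", sort_request_accepted("(CASE WHEN 1=1 THEN id ELSE -id END)", "ASC"))
```

Escaping functions do not help here: the payload contains no quote characters that need escaping, because it is an expression, not a string literal. Only restricting the value to a known set of identifiers closes the hole.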
wp_debugging_project -- wp_debugging
  The WP Debugging WordPress plugin before 2.11.0 has its update_settings() function hooked to admin_init and is missing any capability and CSRF checks; as a result, the settings can be updated by unauthenticated users.
  Published: 2021-10-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-24779, MISC

wpchill -- check_&_log_email
  The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-24774, MISC

yop-poll -- yop-poll
  The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting.
  Published: 2021-10-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-24885, CONFIRM, MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

akaunting -- akaunting
  Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
  Published: 2021-10-25 | Source & Patch Info: CVE-2020-20908, MISC

antsword_redis_project -- antsword_redis
  AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5.
  Published: 2021-10-26 | Source & Patch Info: CVE-2021-41172, MISC, CONFIRM, MISC

auvesy -- versiondog
  The affected product's proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data.
  Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-38451, CONFIRM

catalyst -- mahara
  Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
  CVSS Score: 3.8 | Source & Patch Info: CVE-2020-23052, MISC

cimatti -- contact_forms
  The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 does not sanitise and escape the Form Title before outputting it in some admin pages, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
  Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24744, MISC

cisco -- firepower_management_center
  Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
  Published: 2021-10-27 | CVSS Score: 3.5

Cookie Bar (WordPress plugin)
  The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitise the Cookie Bar Message setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-24653, MISC

d-link -- dap-2020_firmware
  This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-34860, N/A, N/A

dedecms -- dedecms
  DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
  CVSS Score: 3.8 | Source & Patch Info: CVE-2020-23044, MISC

dedecms -- dedecms
  DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
  Published: 2021-10-22

dedecms -- dedecms
  DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
  Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36493, MISC
dedecms -- dedecms
  DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
  CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36492, MISC

dedecms -- dedecms
  DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
  Published: 2021-10-22 | Source & Patch Info: CVE-2020-36491, MISC

dotnetfoundation -- piranha_cms
  In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title being improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-25977

draytek -- vigorap_1000c_firmware
  Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
  Published: 2021-10-22 | Source & Patch Info: CVE-2020-28968, MISC

dropouts -- air_share
  Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.
  Published: 2021-10-22

easy_media_download_project -- easy_media_download
  The Easy Media Download WordPress plugin before 1.1.7 does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
  Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24699, MISC

emarketdesign -- request_a_quote
  The Request a Quote WordPress plugin before 2.3.5 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
  CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24489, MISC

ethereum -- go_ethereum
  Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.
  Published: 2021-10-26 | Source & Patch Info: MISC

Nong Ge File Explorer
  An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data.
  Source & Patch Info: CVE-2020-23058, MISC

fork-cms -- fork_cms
  Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
  Published: 2021-10-22 | CVSS Score: 3.5

Foxlor
  Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
  CVSS Score: 3.8 | Source & Patch Info: CVE-2020-28957, MISC

galette -- galette
  Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on the self subscription page. The self subscription feature can be disabled as a workaround (this is the default state). Malicious javascript code can be executed (not stored) on login and retrieve password pages. This issue is patched in version 0.9.5.
  Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: MISC, MISC, MISC, MISC

getgrav -- grav
  grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
  Published: 2021-10-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-3904, CONFIRM, MISC

google -- android
  In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.
  Published: 2021-10-25 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-0613, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.
  Published: 2021-10-25 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-0615, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.
  Published: 2021-10-25 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-0414, MISC
google -- android
  In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0413, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0412, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0411, MISC

google -- android
  In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0616, MISC

google -- android
  In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0617, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0410, MISC

google -- android
  In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0409, MISC

google -- android
  In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394.
  Published: 2021-10-25 | Source & Patch Info: CVE-2021-0618, MISC

google -- android
  In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-183612370.
  Published: 2021-10-22 | Source & Patch Info: CVE-2021-0643, MISC

google -- android
  In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-171418586. References: Upstream kernel


2021-10-25 


CVE-2021-0938 
MISC 








google -- android 


In wifi driver, there is a possible out of bounds read due to a 
missing bounds check. This could lead to remote information 
disclosure to a proximal attacker under certain build conditions 
with no additional execution privileges needed. User interaction is 
not needed for exploitation. Patch ID: ALPS05560246; Issue ID: 
AALPS05551383. 


2021-10-25 


CVE-2021-0632 
MISC 








google -- android 


In set_default_passthru_cfg of passthru.c, there is a possible out 
of bounds read due to a missing bounds check. This could lead to 
local information disclosure with System execution privileges 
needed. User interaction is not needed for exploitation.Product: 
AndroidVersions: Android kernelAndroid ID: A- 
186026549References: N/A 


2021-10-25 


CVE-2021-0939 
MISC 








google -- android 








In asf extractor, there is a possible out of bounds read due to an 
incorrect bounds check. This could lead to local information 
disclosure with no additional execution privileges needed. User 
interaction is not needed for exploitation. Patch ID: 





ALPS05495528; Issue ID: ALPS05495528. 








2021-10-25 








CVE-2021-0614 
MISC 
google -- android
In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-193932765.
Source & Patch Info: CVE-2021-0702 MISC

great-quotes_project -- great-quotes
The Great Quotes WordPress plugin through 1.0.0 does not sanitise and escape the Quote and Author fields of its Quotes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24785 MISC

hcltech -- traveler_companion
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
Published: 2021-10-25 | Source & Patch Info: CVE-2020-14264 MISC

huawei -- cloudengine_12800_firmware
There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include: CloudEngine 12800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800.
Published: 2021-10-27 | CVSS Score: 3.3 | Source & Patch Info: CVE-2021-37122 MISC

huawei -- harmonyos
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
Published: 2021-10-28 | Source & Patch Info: CVE-2021-22453 MISC

huawei -- harmonyos
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
Published: 2021-10-28 | Source & Patch Info: CVE-2021-22452 MISC

huawei -- pc_smart_full_scene
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters, attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path. Affected product versions include: PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.
Published: 2021-10-27 | CVSS Score: 2.3 | Source & Patch Info: CVE-2021-37124 MISC

ibm -- engineering_lifecycle_optimization
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482.
Published: 2021-10-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29673 XF CONFIRM

ibm -- engineering_lifecycle_optimization
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2021-10-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29713 XF CONFIRM

lancom_systems -- lcos
LANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-23055 MISC

macrob7_macs_framework_content... -- macrob7_macs_framework_content...
Macrob7 Macs Framework Content Management System contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36498 MISC

mara_cms_project -- mara_cms
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Published: 2021-10-28 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-25422 MISC

mcafee -- epolicy_orchestrator
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-31834 CONFIRM

motopress -- motopress-slider-lite
The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders (https://wordpress.org/support/topic/slider-can-be-changed-from-any-user-even-subscriber/, such settings can be changed in the plugin's settings), this would allow a user with a role as low as subscriber to perform Cross-Site Scripting attacks against logged in admins viewing the slider list and could lead to privilege escalation by creating a rogue admin account for example.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24544 MISC

mybb -- mybb
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.
Published: 2021-10-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-41866 CONFIRM MISC
newsoftwares -- folder_lock
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-23039 MISC

nextcloud -- contacts
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy.
Published: 2021-10-25 | CVSS Score: 2.5 | Source & Patch Info: CVE-2021-39221 CONFIRM MISC

nextcloud -- mail
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: MISC CONFIRM

ninjaforms -- contact_form
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24381 MISC

nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
Source & Patch Info: CVE-2021-1116 CONFIRM

nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
Published: 2021-10-27 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-1115 CONFIRM

origincode -- smart-grid-gallery
The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues.
CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24515 MISC

parallels -- parallels_desktop
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592.
Published: 2021-10-25 | CVSS Score: 2.1 | Source & Patch Info: N/A

perfexcrm -- perfex_crm
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-28961 MISC

pi-hole -- web_interface
Pi-hole's Web interface (based on AdminLTE) provides a central location to manage one's Pi-hole and review the statistics generated by FTLDNS. Prior to version 5.8, cross-site scripting is possible when adding a client via the groups-clients management page. This issue was patched in version 5.8.
Published: 2021-10-26 | CVSS Score: 3.8 | Source & Patch Info: MISC MISC

shopware -- shopware
Shopware is open source e-commerce software. Versions prior to 5.7.6 contain a cross-site scripting vulnerability. This issue is patched in version 5.7.6. Two workarounds are available. Using the security plugin or adding a particular following config to the `.htaccess` file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.
Published: 2021-10-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-41188 MISC MISC CONFIRM MISC MISC

sixapart -- movable_type
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-10-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-5669 MISC MISC
strategy11 -- formidable_form_builder
The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24608 CONFIRM MISC

sugarcrm -- sugarcrm
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36501 MISC

sugarcrm -- sugarcrm
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-28955 MISC

sugarcrm -- sugarcrm
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
Source & Patch Info: CVE-2020-28956 MISC

taotesting -- assessment_platform
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.
Published: 2021-10-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-36499 MISC

tibco -- nimbus
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.
Published: 2021-10-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-35499 CONFIRM CONFIRM

vfbpro -- visual_form_builder
The Visual Form Builder WordPress plugin before 3.0.4 does not sanitise or escape its Form Name, allowing high privilege users such as admin to set Cross-Site Scripting payload in them, even when the unfiltered_html capability is disallowed.
CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24514 MISC

... -- video_player_for_youtube
The Video Player for YouTube WordPress plugin before 1.4 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embedded malicious shortcode.
Published: 2021-10-25 | CVSS Score: 3.5

wp-special-textboxes_project -- wp-special-textboxes
The Special Text Boxes WordPress plugin through 5.9.109 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Published: 2021-10-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-24485 MISC

Severity Not Yet Assigned

abb -- pcm600
A certificate validation vulnerability in PCM600 Update Manager allows an attacker to get unwanted software packages installed on a computer which has PCM600 installed.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-22278 MISC MISC

apple -- ios_and_ipados
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30816

apple -- macos
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC

apple -- macos
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-10005 MISC

apple -- macos
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30813 MISC
apple -- macos
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30817 MISC

apple -- macos
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC

apple -- macos
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-29629 MISC

apple -- macos
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30833 MISC

apple -- multiple_products
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC MISC MISC

apple -- multiple_products
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30823 MISC MISC MISC MISC MISC

apple -- multiple_products
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30808 MISC MISC MISC

apple -- multiple_products
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC MISC

apple -- multiple_products
A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30814 MISC MISC MISC

apple -- multiple_products
A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-1821 MISC MISC

apple -- multiple_products
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-9897 MISC MISC

apple -- multiple_products
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result in the disclosure of process memory.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30831 MISC MISC MISC

apple -- multiple_products
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC MISC MISC

apple -- multiple_products
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: MISC MISC MISC

apple -- multiple_products
This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-30840 MISC MISC MISC

baijiacms -- baijiacms
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
Published: 2021-10-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-25873 MISC
bind -- bind
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25219 CONFIRM DEBIAN

bitdefender -- endpoint_security_tools
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26.
Published: 2021-10-28 | CVSS Score: not yet calculated

bitdefender -- endpoint_security_tools
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65.
Published: 2021-10-28 | CVSS Score: not yet calculated

bitdefender -- gravityzone
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.
Published: 2021-10-28 | CVSS Score: not yet calculated

bookstack -- bookstack
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CONFIRM

calibre -- calibre
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2011-4125 MISC MISC MISC MISC

calibre -- calibre
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2011-4126 MISC MISC MISC MISC

calibre -- calibre
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2011-4124 MISC MISC MISC MISC

cfengine -- enterprise
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-36756 MISC MISC

cfengine -- enterprise
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-38379 MISC MISC

dext5 -- dext5
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow a remote attacker to download and execute a remote file by setting the argument variable in the ActiveX module. This can be leveraged for code execution.
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-7875 MISC
dhis2 -- dhis2
DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` API endpoints in all DHIS2 versions 2.34, 2.35, and 2.36. It also affects versions 2.32 and 2.33 which have reached _end of support_ - exceptional security updates have been added to the latest *end of support* builds for these versions. Versions 2.31 and older are unaffected. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user - the vulnerability requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance. There are no known exploits of the security vulnerabilities addressed by these patch releases. Security patches are available in DHIS2 versions 2.32-EOS, 2.33-EOS, 2.34.7, 2.35.7, and 2.36.4. There is no straightforward known workaround for DHIS2 instances using the Tracker functionality other than upgrading the affected DHIS2 server to one of the patches in which this vulnerability has been fixed. For implementations which do NOT use Tracker functionality, it may be possible to block all network access to POST to the `/api/trackedEntityInstances` and `/api/trackedEntityInstances/query` endpoints as a temporary workaround while waiting to upgrade.
Published: 2021-10-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-39179 CONFIRM MISC MISC

dspace -- dspace
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
Published: 2021-10-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41189 MISC MISC CONFIRM MISC

dxgkddiescape -- dxgkddiescape
Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-1117 CONFIRM

firefly-iii -- firefly-iii
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Published: 2021-10-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3901 MISC CONFIRM

flatcore-cms -- flatcore-cms
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
Published: 2021-10-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3745 CONFIRM MISC

fluentd -- fluentd
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2. There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put a patched version of parser_apache2.rb into the /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or the `--plugin` option of fluentd).
Published: 2021-10-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-41186 MISC MISC CONFIRM
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2fa3235 26/34
11/1/21, 2:32 PM Vulnerability Summary for the Week of October 25, 2021
freeswitch -- freeswitch
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the ‘auth-messages’ parameter to ‘true’, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to explicitly set the ‘auth-messages’ parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication.
Published: 2021-10-25 | CVSS: not yet calculated | CVE-2021-37624 | CONFIRM, MISC, MLIST, FULLDISC, MISC

frogcms -- frogcms
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2020-25872 | MISC

godomall5 -- godomall5
The move_uploaded_file function in godomall5 does not perform an integrity check of the extension or authority when a user uploads a file. This vulnerability allows an attacker to execute arbitrary remote code.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-26610 | MISC

gradle -- enterprise
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-41589 | MISC, MISC

gradle -- enterprise
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify the listening TCP ports available to the server, revealing information about the internal network environment.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-41590 | MISC, MISC

gradle -- enterprise
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-41619 | MISC, MISC

grandstream -- ht801_analog_telephone_adaptor
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-37915 | MISC, MISC, MISC

grandstream -- ht801_devices
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-37748 | MISC, MISC, MISC

harmonyos -- harmonyos
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause system functions to become unavailable.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22458 | MISC

harmonyos -- harmonyos
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause an out-of-bounds write.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to make the kernel system unavailable.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory not to be released.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause a core dump.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause a kernel crash.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel information disclosure.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause a nearby process crash.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause a kernel out-of-bounds read.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause a kernel crash.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to make the kernel system unavailable.
Published: 2021-10-28 | CVSS: not yet calculated

harmonyos -- harmonyos
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause a system soft restart.
Published: 2021-10-28

harmonyos -- harmonyos
A component of the HarmonyOS has an Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause a nearby process crash.
Published: 2021-10-28 | CVSS: not yet calculated

hewlett_packard -- laserjet
Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2021-3662 | MISC

hewlett_packard -- officejet_7110_eprinter
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
Published: 2021-10-29 | CVSS: not yet calculated

huawei -- multiple_devices
There is a SSID vulnerability with Wi-Fi network connections in Huawei devices. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28 | CVSS: not yet calculated

huawei -- smartphones
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
Published: 2021-10-28

huawei -- smartphones
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
Published: 2021-10-28

huawei -- smartphones
There is an issue of trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-36994 | MISC

huawei -- smartphones
There is an issue of nodes in the linked list being freed multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the system to restart.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-36987 | MISC

huawei -- smartphones
There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-36995 | MISC

huawei -- smartphones
There is a Public key verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is an issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is a Permission verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect the device performance.
Published: 2021-10-28

huawei -- smartphones
There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed. Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
CVSS: not yet calculated | CVE-2021-36997 | MISC

huawei -- smartphones
There is a Logic Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service integrity and availability.
Published: 2021-10-28

huawei -- smartphones
There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is an Out-of-bounds memory access in Huawei Smartphone. Successful exploitation of this vulnerability may cause process exceptions.
Published: 2021-10-28

huawei -- smartphones
There is a vulnerability of hijacking unverified providers in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22403 | MISC

huawei -- smartphones
There is a Memory out-of-bounds access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed.
Published: 2021-10-28

huawei -- smartphones
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause transmission of certain virtual information.
Published: 2021-10-28

huawei -- smartphones
There is a Register tampering vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow the register value to be modified.
Published: 2021-10-28

huawei -- smartphones
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
Published: 2021-10-28 | CVSS: not yet calculated | MISC

huawei -- smartphones
There is a Buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-36999 | MISC

huawei -- smartphones
There is a Memory leaks vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
Published: 2021-10-28

huawei -- smartphones
There is a Parameter verification issue in Huawei Smartphone. Successful exploitation of this vulnerability can affect service integrity.
Published: 2021-10-28

huawei -- smartphones
There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
Published: 2021-10-28

huawei -- smartphones
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
Published: 2021-10-28

huawei -- smartphones
There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input. Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-36991 | MISC

huawei -- smartphones
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
Published: 2021-10-28

huawei -- smartphones
There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22491 | MISC

huawei -- smartphones
There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22488 | MISC

huawei -- smartphones
There is an issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22483 | MISC

huawei -- smartphones
There is an Uninitialized variable vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause transmission of invalid data.
Published: 2021-10-28

huawei -- smartphones
There is a Verification errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-22481 | MISC

huawei -- smartphones
There is an Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is a Configuration defects vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2021-10-28

huawei -- smartphones
There is a Code injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
Published: 2021-10-28

hznuoj -- hznuoj
A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool/cal_scores.php function of HZNUOJ v1.0.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2020-22312 | MISC

ibm -- i2_ibase
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-29868 | CONFIRM, XF

ibm -- jazz_team_server
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Published: 2021-10-27 | CVSS: not yet calculated | CONFIRM

ibm -- jazz_team_server
IBM Jazz Team Server products store user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
Published: 2021-10-27 | CVE-2021-29786 | XF, CONFIRM

installbuilder -- installbuilder
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.
Published: 2021-10-29

installbuilder -- installbuilder
On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only, so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.
Published: 2021-10-29

irfanview -- irfanview
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2020-23549 | MISC

irfanview -- irfanview
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981."
Published: 2021-10-28 | CVSS: not yet calculated | MISC, MISC

jupyterhub -- jupyterhub
FirstUseAuthenticator is a JupyterHub authenticator that helps new users set their password on their first login to JupyterHub. When JupyterHub is used with FirstUseAuthenticator, a vulnerability in versions prior to 1.0.0 allows unauthorized access to any user's account if `create_users=True` and the username is known or guessed. One may upgrade to version 1.0.0 or apply a patch manually to mitigate the vulnerability. For those who cannot upgrade, there is no complete workaround, but a partial mitigation exists. One can disable user creation with `c.FirstUseAuthenticator.create_users = False`, which will only allow login with fully normalized usernames for already existing users prior to jupyterhub-firstuserauthenticator 1.0.0. If any users have never logged in with their normalized username (i.e. lowercase), they will still be vulnerable until a patch or upgrade occurs.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-41194 | MISC, CONFIRM, MISC

kiwi -- syslog_server
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to clickjacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity as intended for the original server and sends them to the other server. This is an attack on both the user and the server.
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2021-35237 | MISC, MISC

libmysofa -- libmysofa
libmysofa is vulnerable to Heap-based Buffer Overflow.
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2021-3756 | MISC, CONFIRM

linux -- linux_kernel
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-43057 | MISC, MISC, MISC

linux -- linux_kernel
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-43056 | MISC, MISC, MISC, MLIST

m-files_web -- m-files_web
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server.
Published: 2021-10-28 | CVSS: not yet calculated | CVE-2021-37254 | MISC, MISC

mara -- mara
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.
Published: 2021-10-28 | CVSS: not yet calculated | MISC

monstra -- monstra
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
Published: 2021-10-28

mymbconnect24 -- mymbconnect24
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-34580 | CONFIRM

nagios -- xi
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
Published: 2021-10-26 | CVSS: not yet calculated | CVE-2021-40345 | MISC, MISC, MISC

nagios -- xi
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
Published: 2021-10-26 | CVSS: not yet calculated | MISC, MISC

nagios -- xi
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
Published: 2021-10-26 | CVSS: not yet calculated | CVE-2021-40343 | MISC, MISC, MISC

nexacro17 -- nexacro17
An Improper input validation in execDefaultBrowser method of NEXACRO17 allows a remote attacker to execute arbitrary
Published: 2021-10-26

ingress-nginx -- ingress-nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2021-25742 | MLIST, CONFIRM

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.
CVSS: not yet calculated | CVE-2021-1120 | CONFIRM

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.
Published: 2021-10-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service.
Published: 2021-10-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
Published: 2021-10-29

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.
Published: 2021-10-29 | CVSS: not yet calculated | CVE-2021-1121 | CONFIRM

nvidia -- virtual_gpu_manager
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.
Published: 2021-10-29 | CVSS: not yet calculated

oretnom23 -- pharmacy_point_of_sale_system
An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.
CVSS: not yet calculated | CVE-2021-41676 | MISC

phpgurukul -- news_portal_project
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters; the server response is delayed by about (N) seconds respectively, which means it is vulnerable to MySQL Blind (Time Based) injection. An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
Published: 2021-10-27

phpgurukul -- online_shopping_portal
An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker for whether a new user's email already exists within the database.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-37807 | MISC

portainer -- portainer
An Incorrect Access Control issue exists in all versions of Portainer via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547.
Published: 2021-10-29

portainer -- portainer
An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information.
Published: 2021-10-29

ranko -- ranko
A vulnerability was discovered in the filename parameter in index.php?r=cms-backend/attachment/delete&sub=8&filename=../../../../111.txt&filetype=image/png of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.
CVSS: not yet calculated | CVE-2020-25881 | MISC, MISC, MISC

roblox-purchasing-hub -- roblox-purchasing-hub
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-41191 | MISC, CONFIRM, MISC

skyworth -- digital_technology_penguin_aurora_box
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
Published: 2021-10-27

sophos -- sophos
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
Published: 2021-10-30

sourcecodester -- online_covid_vaccination_scheduler_system
An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php.
Published: 2021-10-27 | CVSS: not yet calculated | CVE-2021-37803 | MISC

sourcecodester -- vehicle_parking_management_system
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Parking Management System affected version 1.0 via the add-vehicle.php endpoint.
Published: 2021-10-27

HTML via a crafted payload under the Add Event module.

sourcecodester -- vehicle_parking_management_system | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints: a SLEEP(N) payload supplied in the (1) editid, (2) viewid, or (3) catename parameter delays the server's response by roughly N seconds, confirming MySQL blind (time-based) injection. An attacker can use sqlmap to automate extraction of sensitive information from the database. | 2021-10-27 | not yet calculated | (CVE id not legible)
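The SLEEP(N) oracle described in the entry above, as an added example that is not part of the bulletin or of the affected product. It shows the confirmation logic a tester should apply before calling a parameter time-based injectable: compare the slowest benign request against the fastest injected one over several rounds, so a single slow sample cannot produce a false positive. The target here is a constructed simulation (`simulated_target`, `SIM_UNIT`, the parameter names are taken from the entry, the `page` parameter is an assumed safe control); a real run would wrap an HTTP client and pass `unit=1.0`.

```python
import re
import time
from typing import Callable, Dict, List

# Seconds one simulated SLEEP() unit takes in the constructed target below.
# A real MySQL target sleeps whole seconds, so a caller would pass unit=1.0.
SIM_UNIT = 0.02


def simulated_target(params: Dict[str, str]) -> float:
    """Constructed stand-in for the vulnerable pages: editid/viewid/catename are
    concatenated unquoted into a query, so an injected SLEEP(n) stalls the
    request. The assumed `page` parameter is cast to int before it reaches SQL,
    so SLEEP() never executes there. Returns the request latency in seconds."""
    start = time.monotonic()
    for name in ("editid", "viewid", "catename"):
        if name in params:
            query = f"SELECT * FROM t WHERE id={params[name]}"
            m = re.search(r"SLEEP\((\d+)\)", query, re.IGNORECASE)
            if m:
                time.sleep(int(m.group(1)) * SIM_UNIT)
    return time.monotonic() - start


def is_time_based_injectable(send: Callable[[Dict[str, str]], float], param: str,
                             benign: str = "1", delay: int = 5, rounds: int = 3,
                             unit: float = 1.0) -> bool:
    """Confirm time-based blind SQL injection in `param`.

    Sends `rounds` benign requests and `rounds` requests carrying
    `<benign> AND SLEEP(<delay>)`, then requires the fastest injected request
    to be at least 80% of delay*unit slower than the slowest benign request.
    Worst-case baseline vs best-case injected latency is what keeps network
    jitter from producing a false positive."""
    baseline = [send({param: benign}) for _ in range(rounds)]
    payload = f"{benign} AND SLEEP({delay})"
    injected = [send({param: payload}) for _ in range(rounds)]
    return min(injected) - max(baseline) >= 0.8 * delay * unit


def scan(send: Callable[[Dict[str, str]], float], params: List[str], **kw) -> List[str]:
    """Return the subset of `params` that confirm as time-based injectable."""
    return [p for p in params if is_time_based_injectable(send, p, **kw)]


if __name__ == "__main__":
    print(scan(simulated_target, ["editid", "viewid", "catename", "page"], unit=SIM_UNIT))
```

Against a live target, `send` would issue the HTTP request and return `response.elapsed.total_seconds()`; repeating the scan with a different `delay` (say 3 and then 7) and checking that the delay tracks N is the cheapest way to rule out a server that is merely slow.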
sourcecodester -- budget_and_expense_tracker_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. | 2021-10-29 | not yet calculated | CVE-2021-41645 (MISC)
sourcecodester -- church_management_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. | 2021-10-29 | not yet calculated | (CVE id not legible)
sourcecodester -- e-negosyo_system | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getimagesize() only. | 2021-10-29 | not yet calculated | CVE-2021-41675 (MISC)
sourcecodester -- e-negosyo_system | An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. | 2021-10-29 | not yet calculated | (CVE id not legible)
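The login-form injection pattern behind this entry and the Online Covid Vaccination Scheduler entry above (a username or user_email value concatenated into the query), as an added example that is neither the bulletin's nor the products' code. It places a string-built query beside the parameterized form so the difference in outcome for the same payload is visible. The table, the account and the SHA-256 hashing are constructed for the demo; the products are PHP/MySQL, but the mechanism is the same in any driver that supports bound parameters.

```python
import hashlib
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's user table.
    SHA-256 is used only to keep plaintext out of the demo; a real
    application stores a salted, slow hash (bcrypt, scrypt or argon2)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_email TEXT PRIMARY KEY, pwhash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin@example.com", hashlib.sha256(b"correct-horse").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> Optional[str]:
    """The pattern the advisories describe: the user-supplied value is spliced
    into the SQL text, so a quote in `email` ends the literal and a comment
    sequence discards the password check. Returns the logged-in email or None."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    sql = ("SELECT user_email FROM users "
           f"WHERE user_email='{email}' AND pwhash='{pwhash}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, email: str, password: str) -> Optional[str]:
    """Same query with bound parameters: the driver passes `email` as data,
    never as SQL, so quotes or comment markers in it cannot change the query."""
    pwhash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT user_email FROM users WHERE user_email=? AND pwhash=?",
        (email, pwhash)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    bypass = "admin@example.com' -- "   # closes the literal, comments out the password clause
    print("vulnerable:", login_vulnerable(db, bypass, "wrong"))
    print("safe:      ", login_safe(db, bypass, "wrong"))
```

The `-- ` payload is the simplest illustration; the time-based entry above uses the same splice point with SLEEP() instead of a comment, which is why parameterization rather than input filtering is the fix for both.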
sourcecodester -- online_food_ordering_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | 2021-10-29 | not yet calculated | CVE-2021-41644 (MISC)
sourcecodester -- online_reviewer_system | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters. | 2021-10-29 | not yet calculated | CVE-2021-41646 (MISC)
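The image-upload bypass shared by the Budget and Expense Tracker, Church Management, E-Negosyo, Online Food Ordering and Online Reviewer entries above, as an added example that is not the bulletin's or any of those products' code. It places a getimagesize()-style check (does the blob start like an image?) beside a hardened validator, and feeds both a constructed polyglot: a GIF header followed by PHP source, uploaded under a .php name. The signature table, marker list and random naming scheme are this example's own choices.

```python
import secrets
from typing import Optional

# Magic bytes for the image types the upload field is meant to accept.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",            # GIF87a / GIF89a
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}
# Cheap content tripwires, defence in depth only; the decisive controls are below.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def weak_upload_check(filename: str, data: bytes) -> bool:
    """The pattern the advisories describe: only ask whether the blob parses as
    an image, which is all a getimagesize()-style call answers. A file that
    begins with a valid image header passes even if it is named .php and
    carries PHP code after the header. The filename is ignored entirely."""
    return any(data.startswith(sig) for sig in IMAGE_SIGNATURES.values())


def hardened_upload_check(filename: str, data: bytes) -> Optional[str]:
    """Return the server-chosen name to store the file under, or None to reject."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in IMAGE_SIGNATURES:                  # allowlist, never a denylist of .php/.phtml/...
        return None
    if not data.startswith(IMAGE_SIGNATURES[ext]):   # content must match the claimed type
        return None
    if any(marker in data for marker in SCRIPT_MARKERS):
        return None
    # The client's name, and any double extension in it, never reaches disk.
    return f"{secrets.token_hex(16)}.{ext}"


def polyglot_sample() -> bytes:
    """Constructed sample: a GIF header followed by a PHP payload."""
    return b"GIF89a" + b"<?php phpinfo(); ?>"


if __name__ == "__main__":
    sample = polyglot_sample()
    print("weak check accepts shell.php:", weak_upload_check("shell.php", sample))
    print("hardened stores shell.php as:", hardened_upload_check("shell.php", sample))
    print("hardened stores logo.gif as: ", hardened_upload_check("logo.gif", b"GIF89a" + bytes(32)))
```

Two further controls belong in production but are outside this snippet: re-encode the image through an image library so trailing bytes are dropped, and serve the upload directory with script execution disabled, so that even a file the validator misses cannot run.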
spring -- spring | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 2021-10-28 | not yet calculated | (CVE id not legible)
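The "insertion of additional log entries" class named in the Spring Framework entry, as an added example that is not the bulletin's or Spring's code. It shows the mechanism (a CR/LF in user input starts a new record) and the usual fix (escape line terminators at format time), using Python's standard logging rather than Spring's Java stack; the forged record, the logger name and the format string are constructed for the demo.

```python
import io
import logging


def neutralize(value: str) -> str:
    """Turn the characters an attacker needs to start a new log line into
    visible escape sequences, so a forged record stays inside the real one."""
    return value.replace("\r", "\\r").replace("\n", "\\n")


class OneLineFormatter(logging.Formatter):
    """Formatter that neutralizes the rendered record, so every record
    occupies exactly one line regardless of what user input it carries."""
    def format(self, record: logging.LogRecord) -> str:
        return neutralize(super().format(record))


def render(user_input: str, *, escape: bool) -> str:
    """Log one record through an isolated logger and return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    fmt = "%(levelname)s %(name)s: %(message)s"
    handler.setFormatter(OneLineFormatter(fmt) if escape else logging.Formatter(fmt))
    logger = logging.Logger("demo")          # detached from the root logger on purpose
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    logger.info("login failed for user=%s", user_input)
    handler.flush()
    return buf.getvalue()


# Constructed attacker input: a username followed by a fake success record.
FORGED = "alice\nINFO demo: login succeeded for user=admin"

if __name__ == "__main__":
    print(render(FORGED, escape=False), end="")
    print(render(FORGED, escape=True), end="")
```

A SIEM that keys on one record per line will ingest the unescaped output as two events, the second of them attacker-authored; escaping at the formatter, rather than at each call site, closes that for every message the application logs.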
spring -- spring | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100% CPU usage in the application if the toString() method is called. | 2021-10-28 | not yet calculated | CVE-2021-22097 (MISC)
spring -- spring | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller type-level request mapping are additionally exposed under URIs that may be reachable without authorization, depending on the Spring Security configuration. | 2021-10-28 | not yet calculated | CVE-2021-22047 (MISC)
spring -- spring | In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces may involuntarily expose endpoints corresponding to `@RequestMapping`-annotated interface methods. | 2021-10-28 | not yet calculated | (CVE id not legible)
sysaid -- sysaid | SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | 2021-10-29 | not yet calculated | CVE-2021-31862 (MISC, MISC)
tenda -- ac1200_router | Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. | 2021-10-29 | not yet calculated | CVE-2020-22079 (MISC, MISC)
tenda -- ac9 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. | 2021-10-29 | not yet calculated | CVE-2021-31627 (MISC, MISC)
tenda -- ac9 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. | 2021-10-29 | not yet calculated | CVE-2021-31624 (MISC, MISC)
tikiwiki -- tikiwiki | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module. | 2021-10-28 | not yet calculated | CVE-2021-36550 (MISC)
tikiwiki -- tikiwiki | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module. | 2021-10-28 | not yet calculated | CVE-2021-36551 (MISC)
vim -- vim | vim is vulnerable to Heap-based Buffer Overflow. | 2021-10-27 | not yet calculated | CVE-2021-3903 (MISC, CONFIRM)
yonyou -- turbocrm | SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerability to obtain sensitive database information. | 2021-10-29 | not yet calculated | CVE-2021-41746 (MISC, MISC)
zoom -- call_recording | Zoom Call Recording 6.3.1 from ZOOM International is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host. | 2021-10-28 | not yet calculated | CVE-2019-19810 (MISC, MISC)